417604 matches found
EUVD-2022-7038
Malicious code in bioql PyPI...
EUVD-2023-32327
Malicious code in bioql PyPI...
EUVD-2024-27251
Malicious code in bioql PyPI...
EUVD-2024-27039
Malicious code in bioql PyPI...
EUVD-2022-3680
Malicious code in bioql PyPI...
EUVD-2024-0322
Malicious code in bioql PyPI...
EUVD-2024-43125
Malicious code in bioql PyPI...
EUVD-2025-6833
Malicious code in bioql PyPI...
EUVD-2024-19411
Malicious code in bioql PyPI...
EUVD-2021-29623
Malicious code in bioql PyPI...
EUVD-2022-6117
Malicious code in bioql PyPI...
EUVD-2023-34988
Malicious code in bioql PyPI...
EUVD-2021-9081
Malicious code in bioql PyPI...
EUVD-2022-35732
Malicious code in bioql PyPI...
EUVD-2022-38715
Malicious code in bioql PyPI...
EUVD-2023-55564
Malicious code in bioql PyPI...
EUVD-2022-1412
Malicious code in bioql PyPI...
EUVD-2022-2927
Malicious code in bioql PyPI...
EUVD-2025-18138
Malicious code in bioql PyPI...
EUVD-2023-33735
Malicious code in bioql PyPI...
EUVD-2024-44421
Malicious code in bioql PyPI...
EUVD-2025-26793
Malicious code in bioql PyPI...
EUVD-2024-19821
Malicious code in bioql PyPI...
EUVD-2023-24775
Malicious code in bioql PyPI...
EUVD-2022-4025
Malicious code in bioql PyPI...
EUVD-2025-18966
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected...
EUVD-2023-41815
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions...
EUVD-2020-8137
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct...
EUVD-2026-36376
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...
EUVD-2026-35681
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
EUVD-2026-35679
Improper authorization in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...
EUVD-2026-34083
Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message...
EUVD-2026-33553
An uncontrolled allocation of resources without limits or throttling in the e-mail handling in OTRS allows excessive allocation which may lead to the abortion of the webserver. This issue affects OTRS: 8.0.X 2023.X 2024.X 2025.X 2026.X before 2026.4.X Please note that OTRS Community Edition 6.x,...
EUVD-2026-29571
Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability...
EUVD-2026-30743
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request. Mattermo...
EUVD-2026-30502
Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...
EUVD-2026-30256
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'subdir' and 'mediaitems' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted t...
EUVD-2024-55581
Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the APSmartAudio::loop, APSmartAudio, APSmartAudio.cpp components...
EUVD-2026-29914
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...
EUVD-2026-29442
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042...
EUVD-2026-29398
The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fancy-img-show shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
EUVD-2026-29397
The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...
EUVD-2026-29401
The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2026-28940
A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...
EUVD-2025-209754
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
EUVD-2026-28834
Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked...
EUVD-2026-28604
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dsc eDP issue why Need to add function hook check before use...
EUVD-2026-28261
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using...
EUVD-2026-28184
OpenClaw before 2026.4.15 contains an authentication bypass vulnerability in Feishu webhook and card-action validation that allows unauthenticated requests to reach command dispatch. Missing encryptKey configuration and blank callback tokens fail open instead of rejecting requests, enabling...
EUVD-2026-27783
In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver...